Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    05/07/2024, 04:44

General

  • Target

    2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe

  • Size

    507KB

  • MD5

    a00a34fd05e2621a1a5514f51f2f9fed

  • SHA1

    1f39326ec6ae8734995b0e187a1ddf8d36ccde2f

  • SHA256

    fcda68d2fa02bb2bb763b8b460aa4c487f6d17670f8177f9a2447e643fb2cd4c

  • SHA512

    f66a9801dfef20654e6573f6242cfe6c1ad4c6a0683854aca1355fff40bba105aa2f15ee40c552ecd60bb20bc1562bf505386b0bb28c2ff3b94f1b3e6dc93a31

  • SSDEEP

    12288:ayjoBI0TOBkmRk6M8a6XwnfgdBOcs1mW:1jTOOBkmi6Ha6XwodBOcN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\rkzvesaqtdq\nsry4ag2bhpzheetuyo3w.exe
      "C:\rkzvesaqtdq\nsry4ag2bhpzheetuyo3w.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\rkzvesaqtdq\ketidewiqka.exe
        "C:\rkzvesaqtdq\ketidewiqka.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2580
  • C:\rkzvesaqtdq\ketidewiqka.exe
    C:\rkzvesaqtdq\ketidewiqka.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\rkzvesaqtdq\ylnsruuxdcbc.exe
      yaieh3tmtcsd "c:\rkzvesaqtdq\ketidewiqka.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\rkzvesaqtdq\dyhwrja

    Filesize

    12B

    MD5

    af442c287fc5f45679fb442d63be6282

    SHA1

    09c5af2c5d47e4bf44f73f7799614acc8f5f9758

    SHA256

    898304f9adf6eaae130c0de00f30296e20eed3a2c235afd098062e6e2d61e015

    SHA512

    609d704c83deeb270b74c73622c3ed3d114a6456d55270f16e36248ed364196bc6c45b4192e4041c6814bca0489a4e907bde2dc25b20ff93db332a005ca4f9b4

  • \rkzvesaqtdq\nsry4ag2bhpzheetuyo3w.exe

    Filesize

    507KB

    MD5

    a00a34fd05e2621a1a5514f51f2f9fed

    SHA1

    1f39326ec6ae8734995b0e187a1ddf8d36ccde2f

    SHA256

    fcda68d2fa02bb2bb763b8b460aa4c487f6d17670f8177f9a2447e643fb2cd4c

    SHA512

    f66a9801dfef20654e6573f6242cfe6c1ad4c6a0683854aca1355fff40bba105aa2f15ee40c552ecd60bb20bc1562bf505386b0bb28c2ff3b94f1b3e6dc93a31